Monday, October 29, 2012

Computer and Electronics Tips for a Potential Power Outage

As Hurricane Sandy headed rapidly towards the New England, I received several calls from clients asking what to do in preparation for a power outage. Every business should have a comprehensive disaster prevention and recovery plan that includes appropriate redundancies, but with the storm at hand, some basic strategies are in order.

Here are some of the last minute tips that I shared with them which hope will also prove helpful to you:
  • Unplug If power goes out, browns out (dim lights), or is flickering, unplug computers and electronics from the wall. Damaging power surges/spikes often occur when power comes back on, and during thunderstorms it's not uncommon for surges to enter through cable and phone lines. Shutting systems down is not sufficient. While surge protectors are important, they may not provide enough protection during a major storm or electrical event.
  • Keep dry -  If you're in a location prone to flooding, be sure that your computers are at least a couple of inches off of the floor. Keep in mind that floods don't only occur in basements. A leaky roof or burst pipe can bring water damage to any floor of a building.
  • Backup - Is your data thoroughly backed up? Is the backup stored somewhere safe? If the power is still stable, you may have time to do a quick backup. Think about throwing a few critical things that you may need over the next few days onto an external drive. If it’s too late fot that, let this be a strong reminder to get your backup procedures in order once the storm clears.
  • Plan B - Do you have a have a hard copy of your employee, customer and vendor contact lists? Depending upon the nature of your business, you'll want to keep the appropriate parties appraised of the situation. That can be really difficult to do if you don't know how to reach them. If you your Email system and/or website is hosted onsite, consider alternate ways to communicate. If your systems are hosted in a data center, be sure that people have access to instructions for logging in remotely. If your phone system is down, the provider may be able to either forward calls or post a recorded message.
  •  UPS - For the future, think about purchasing uninterruptible power supplies (UPS) for your most vital systems. This is basically battery backup. Security systems usually have one built in and they even have them in some garage door openers now (that was a bummer getting locked out of the garage during last year’s snow storm). You’ll want to purchase units with automatic voltage regulation (AVR); these also kick in when there’s too much or too little power. While a UPS may only keep you up and running for a short time, they do a far better job than regular surge protectors and may provide you enough time to at least save work and shut down properly. Keep in mind that without a UPS, most business phone systems will immediately go down. Batteries need to be replaced every couple of years, so be sure to test UPSs periodically.
  •  Insurance - After the storm, take the time to review your commercial or homeowner's insurance policy. There are often significant limits on computers and electronics, but most carriers offer special technology riders that may even include coverage for data recovery. This small investment may pay off sooner than you think.
If you experience a loss, feel free to give me a call. I’m happy to provide quick advice or answer a brief question. I unfortunately have a lot of experience dealing both insurance companies and bailing people out of disasters large and small. Either way, it's probably time to review your disaster plans, and if you don't have one give Winter Solutions a call ensure so you can start putting one in place for next time.
May your basements be dry, and may your electricity continue to flow!

- Dovid

Dovid Winter is Principal Consultant of Winter Solutions and has been providing hands-on IT management services to small-business, non-profit and education since 1986. In addition to website development and hosting services, Winter Solutions' offers an array of managed IT services. Whether you are looking for assistance with a single project or to outsource your entire IT department, Winter Solutions has a solution to meet your needs. Contact us at 781 821-0000.

Thursday, October 11, 2012

I'm Infected by My Antivirus

Call it a virus … call it spyware or malware … whatever you want to call it, it seems like I’ve been getting calls for years about this major nuisance.  The pop-up might tell you that your hard drive is failing or your registry is corrupted or your computer is infected with 43 viruses, and to the untrained eye it can be quite convincing, but these days, warnings like these are more often than not a hoax, what Wikipedia calls rogue security software.

So if it’s a hoax, Dovid, does that mean that I can just ignore it?

Unfortunately, you cannot.  Worst case scenario, this hoax carries some damaging payload and is a virus itself; best case, it’s a nuisance that’s just trying to steal your credit card info. (I’ve actually had clients pay to activate the fake antivirus software with hopes that this would remove it.) The important thing is to recognize that responding to any requests from this malicious software will only make things worse.

How do I know whether it’s real or a hoax?

When in doubt, call your competent local IT expert (shameless plug).

Another line of defense is knowledge – which is why  it’s a good idea to  familiarize yourself with your antivirus software before there’s a problem. Learn how to check to make sure it’s active and up to date.  Many people are sitting ducks for this kind of scam precisely  because they don’t know what their antivirus software is supposed to look like. (The truth is, it’s  easy to recognize t a hoax when it’s written in Pidgin Englis;, but thanks to all of those outsourced call centers, it may be that hackers’ English seems to be getting better all the time.)

How did I get it?

Since I’m generally a believer in holistic computing practices, I’ll always start by telling you that your computer got infected because it didn’t have a healthy immune system and was therefore vulnerable; but to be more pragmatic, more often than not, there’s an infected website involved. Either you were conned into clicking a link in a deceptive Email message, or mistyped an Email address, or were on a site that you probably shouldn’t have been on, or as mentioned in our last blog posting, visited a perfectly reputable site that was hacked or infected itself. 

Unfortunately, it can  happen even if you are “protected” by top name antivirus software and even if you’re “careful.”  I can certainly admit to being fooled before and  it can happen so quickly that you don’t know what hit you. Other times it takes getting fooled into an act of collusion by clicking through a number of steps, functionally voluntarily installing this bad-ware on your own computer. (They may even be kind enough tell you what they’re going to do to your computer in the fine print.) Even if this happens just once, it can be an expensive learning experience.

Ok. Well, I got whacked, so now what?

Save your work if you need to and shut the computer down right away; if necessary, hold the power button down for ten seconds to turn the computer off or unplug it (on a desktop computer that’s the box or CPU, not the monitor or screen).   To state the obvious, viruses can’t cause damage if the computer isn’t on. Sometimes what looks like a legitimate alert may only be a deceptive video clip from a website pop-up. If you’re lucky, you caught the problem in its tracks and the computer will be fine when you start back up.

But if there are any signs that the virus is still there when you restart, call your competent local IT expert (shameless plug #2). While sometimes these issues can be resolved with the right utilities, more often than not, if it got by some barriers to get installed in the first place, it might be require a more  complex removal process.  Of course, if you went so far as to give up credit card information, after you finish kicking yourself, call your credit card company.

What can I do to avoid these problems for my business?

There’s no question that prevention is the best medicine. Feel free to share these strategies with your office team.

  1. Educate your staff. Periodically remind them not to open an Email attachment or website link unless they know the sender and what it is that they’re opening. Computers used exclusively for appropriate business certainly tend to be less vulnerable. (That said, it’s not a fair assumption  that a staff member was doing something wrong if the computer got infected.  Unfortunately, when perfectly reputable business websites get infected they tend to share the problem with hundreds or thousands of users, not just a few dozen. )
  2. Limit administrator access. Ask your IT expert to set the computers up so that the users do not have Administrator access. If the person who is on the computer when it gets infected doesn’t have permission to install software, most malware can’t get very far. So, even if that user’s account is infected, the rest of the computer will likely be ok.
  3. Keep your systems up to date. Make sure that updates are allowed to run automatically make – and keep up with – a schedule for regular manual update checks.
  4. Make sure that you have an antivirus product installed. And ensure that you know how to keep it up to date. Money saving tip: You can pass on the  bloated feature-rich security products sold in stores. For networks with only a few computers, the free options like Microsoft Security Essentials are fine. For larger networks, you’ll want to go with a product like Trend-Micro that’s designed to be managed from a central console. You also might consider supplemental products like Malwarebytes, Spybot S&D and CCleaner  to help keep the computer clean and garbage free.
  5. Have a good firewall. This creates a level of prophylaxis between your computer and the Internet. Newer devices do a great job at screening websites and scanning network content before it gets to your computer. As referenced in our last blog posting, all the heroic policing efforts of Google and others to scan the Internet and keep it safe are great, but it’s not safe to assume that they’ll catch every site fast enough. For larger or growing sites, I definitely recommend Barracuda to do this job. (Employer bonus: Barracuda can also help ensure that your users are primarily using their computers to do their jobs, instead of shopping, playing fantasy football or hanging out on Facebook.)
  6. Protect your Email. Make sure that your Email systems are screened for spam and also well protected from viruses. We provide robust filtering on our Microsoft Exchange hosting services, but I feel very strongly that Email should be filtered long before it reaches your computers or servers. You’ll want to check with your Email providers to ensure that this is the case.
  7. Get a Mac. I can hear the outcry from here. But think about getting a Mac. There’s at least a modest premium for purchasing Apple and they’re not the best solution for larger networks or environments with specific applications which don’t run on Mac; but I haven’t seen a virus on a Mac in at least 15 years, and even then, it was in Microsoft Office. Yes, Windows has  made impressive strides toward becoming safer and there are (at least theoretically) Mac OS viruses out there, but it’s getting easier and easier for Macs and PCs to get along and everyone  I know (including myself) who has one, loves them.
  8. Backup, backup, backup.  It’s the mantra we can’t afford to ignore. Almost always, your data is far more important than your computer. Make sure that you have a robust onsite and offsite backup solution in place so that if the computer is so badly infested that it needs to be wiped out, you will make sure you don’t lose the data that your business needs to function.

Seriously?! How am I supposed to stay up to date on all of this? Shouldn’t my computers just work? I seem to get along ok. Who has time for this? Isn’t this what my IT guy (or gal as the case may be) is for?

I feel your pain. But, as I said, a modest amount  of education can go a long way, especially when it comes to appropriate computer use. When it comes to the rest, it is important to ensure that, even if you don’t know all of the details, there is someone on your team with the right expertise who does. Some pieces can be handled by a competent staff person or a decent computer consultant, but once your business is starting to grow you’ll want to engage a managed service provider to deliver  the level of experience and knowledge needed to ensure that you have a reliable platform that meets your growing business needs.

Remember: Don’t settle for computers that simply function. Technology can and should be a tool to increase productivity and drive your business forward in creative new ways.

Dovid Winter is Principal Consultant of Winter Solutions and has been providing hands-on IT management services to small-business, non-profit and education since 1986. In addition to website development and hosting services, Winter Solutions' offers an array of managed IT services. Whether you are looking for assistance with a single project or to outsource your entire IT department, Winter Solutions has a solution to meet your needs. Contact us at 781 821-0000.

Monday, September 24, 2012

When Google Shuts You Down

It was 8:30 on a Monday morning and I received a call from a client. After signing in and grabbing their first cup of coffee of the week, they were greeted by the following on their company website: "Warning: Visiting this site may harm your computer!" Yes, despite diligent efforts, websites can go down, and on rare occasions they're even hacked. The fix is usually straightforward and in short time things can be put back in order, but this was different. This site was blocked by Google.
Now, if your website goes down for a short time, how significantly is your business impacted? If you're in Ecommerce or your website drives your business, even a brief disruption could be a major blow, but that was not the case here. This was a basic informational website, what we call a brochure site. A problem on a brochure site is certainly not good for a company's reputation, but it doesn't generally impact the company's ability to continue doing business (unless they were blacklisted by Google).

"When Google decides that your website is a risk, all of your company's productivity systems can go down!"

But when Google detects that a website is a risk, they don't just block that website, they block the entire domain name. What does that mean and why should you care? Well, with more resources moving to the cloud, companies are now likely to have a collection of websites.
In addition to bringing you to the Winter Solutions website, I might have for the Email system, for the database platform, for your customer service platform, etc. That means when Google decides that your website is a risk, every one of your company's productivity systems can go down!
Your website might be hosted in a data center in Texas, your Email on an Exchange server in New England, and your database on the cloud, but to Google, they're all one entity if they fall under the same domain name, and they're all liable to get blocked if Google decides any one of them is a risk.
Google's efforts to protect the world from the dangers of malware (viruses and other really bad stuff) are laudable. Perhaps as a reflection of the United States' traditional role as international peacekeeper of the world, Google is ever vigilant, crawling the Internet (while building it's search databases) and keeping an eagle eye out for the virtual IEDs and minefields that wreak havoc on our unsuspecting computers. More often than not, by the time the antivirus on our own computers detects that a website is infected, it's too late; our computer is infected. Once Google detects that a site is infected or otherwise compromised, the site is added to a blacklist and access to the site is effectively blocked by Google's Chrome web browser, Firefox and a myriad of other sources that subscribe to Google's lists. Visitors may be able click to proceed, but after being sterly warned away, most aren't even going to take the chance. (I'm certainly not inclined to). While Google is not the only provider working to secure the Internet, detection by Google is certainly one of the most impactful.
Well, that's great Dovid. Thanks for giving me yet another reason to be afraid of the Internet and think twice about moving to the cloud.
The good news is that there's a lot that can be done to minimize the risk of these problems.  Some of these strategies are new, but most we've been using for years with higher profile sites. The key change here is recognizing that your website may deserve more TLC than you previously thought: 
1. Ask your webmaster if your website is kept up to date - Just like your own computer, your website platform needs to be updated periodically.  While your hosting provider may do a great job of keeping the server itself up to date, content management systems (like WordPress or Joomla) and Ecommerce platforms also need maintenance. An up to date platform is a lot less vulnerable to hackers and malware infections.
2. Ask your webmaster about installing a web application firewall - Without much fuss, these tools can add an additional layer of protection by looking for and blocking malicious patterns of behavior, even limiting access to the regions you do business with.
3. Enroll in a website monitoring service - Services to watch your website and alert you when it's down have been around for years. Some can even be configured to watch your content and alert you if website has been hacked and defaced. Newer platforms will act like the antivirus on your computer and will scan your website for malware. If your website has a problem, you're going to want to know about it before Google and others do so it can be taken care of quickly (before it's blacklisted).
4. Backup, backup, backup - While your hosting provider may back up the site, these backups are oriented towards recovering failed hardware and may not capture the time of your incident. Most platforms offer options to easily backup both your website files and database. Ask your webmaster what the  easiest way is to back your own site up and backup frequently.
5. Alternate domain names - Most of our websites are on a .com (or .org for non-profits), but lots of us also have registered extra domain names that we haven't gotten around to using. It may be the .net, .biz, or .info version of our site or it may just be another form of our name. Ask your webmaster about keeping your public facing website on the .com or .org and configuring the alternate domain names for your other production systems. This way, if your public website is ever blacklisted, your other systems won't be affected. If a site is ever blacklisted, customers might also be advised to access the site on one of your backup domain names.

"While the issues were basically resolved within two hours, it took 24-48 hours before the alerts from Google and other blacklists full cleared."

Back to the story of my client in distress ... we were able to restore their website from a recent backup, patch the site and apply an application firewall to make it secure, enable an alternate domain for temporary access, notify Google and others that the site was clean and put a new monitoring system in place to ensure that problem doesn't recur. While the issues were basically resolved within two hours, it took 24-48 hours before the alerts from Google and other blacklists full cleared.
Ok, Dovid. Well you've pretty much just told me to call my webmaster. She already knows more than I do about my website, so can't I just trust that they're doing what needs to be done?
Of course that would be very nice and it would take much of the burden from you, but web developers focus on delivering projects and unless contracted for maintenance, they're unlikely to perform the necessary follow-up unless being specifically asked. While some platform updates may be easy to apply, sites that are heavily customized may entail considerable work each time a new update is deployed. A webmaster may have excellent design and development expertise, but that does not necessarily mean they have the skills needed to properly secure and maintain your site once it's deployed.  Be sure that your webmaster is in communication with your IT team. As one wise man former president once said, trust, but verify!

Dovid Winter is Principal Consultant of Winter Solutions and has been providing hands-on IT management services to small-business, non-profit and education since 1986. In addition to website development and hosting services, Winter Solutions' offers an array of managed IT services. Whether you are looking for assistance with a single project or to outsource your entire IT department, Winter Solutions has a solution to meet your needs. Contact us at 781 821-0000.